From: Matthew Seaman
Date: Sat, 22 Sep 2007 16:18:34 +0100
To: Andrea Venturoli
Cc: freebsd-ports@freebsd.org
Subject: Re: sendmal + cyrus imap + ckuser
Message-ID: <46F5324A.3030509@infracaninophile.co.uk>
In-Reply-To: <46F52222.8040503@netfence.it>

Andrea Venturoli wrote:
> I apologize if this is considered OT.
>
> I've got a primary mailserver with sendmail+cyrus and two backup
> mailservers which forward messages to the primary.
>
> In order to allow for rejection at the SMTP dialogue level, I started
> using ckuser_cyrus.m4 (which comes with the sendmail port).
> The primary mailserver now does this fine; however I don't know how to
> configure the other ones to do this as well.
>
> Ideally I'd like sendmail to check with the primary for mailbox
> existence via TCP, but another solution would be to configure the
> cyrusv2 mailer on the backup servers too, but making it talk to cyrus
> imapd on the primary.

This isn't really a question for freebsd-ports, but...

The way to do this is to configure the cyrus smmapd to listen on a
network port -- something like this in /usr/local/etc/cyrus.conf

    # Sendmail socket map daemon
    smmapd      cmd="smmapd" listen="192.168.1.1:smmap" prefork=1
    smmapdunix  cmd="smmapd" listen="/var/imap/socket/smmapd" prefork=1

Then you can tell your 2ary sendmails to use that to check for mailbox
existence and quota availability -- in /etc/mail/`hostname`.mc:

    FEATURE(`ckuser_cyrus', `inet:smmap@your.mail.server')dnl

You'll have to choose what port smmapd will use: I added a line like this
to /etc/services:

    smmap           10026/tcp   # Sendmail Socket Map

Oh, and I'd be wary of exposing the smmapd port on the internet: either
arrange for your 1ary and 2ary mailers to have a private back-end network
they can communicate on, or have fun with firewalling and/or VPNs.

Making your 2ary machines speak LMTP to cyrus on your mail box server
involves very similar tweaks.
You'll need something like this in your .mc file:

    define(`confLOCAL_MAILER', `cyrusv2')dnl
    define(`CYRUSV2_MAILER_ARGS', `TCP your.mail.server lmtp')dnl
    dnl
    dnl Mailer definitions
    dnl
    MAILER(local)
    MAILER(smtp)
    MAILER(cyrusv2)

and again, you'll have to decide what port LMTP listens on and set up
cyrus.conf so lmtpd is listening on a network interface, and protect
the LMTP daemon from abuse. The '-a' flag to lmtpd is very handy in this
situation: saves lots of hair loss trying to make authentication work...

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW